<?php 
//1.链接数据库
include '../function.php';

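// Demo: insert one row into `stu` through a mysqli prepared statement.
//
// Every mysqli failure is turned into a mysqli_sql_exception. That is already
// the default from PHP 8.1 on; setting it explicitly keeps older versions
// consistent, makes the error handling below reachable on all versions, and
// removes the need for the `@` operator on the constructor.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
	// NOTE(review): root with an empty password is only tolerable on a local
	// demo box. A deployed script should connect with an account limited to the
	// statements it needs (here: INSERT on `stu`) and read its credentials from
	// configuration kept outside the web root.
	$mysqli = new mysqli("127.0.0.1","root","","school");

	// set_charset() instead of query("set names utf8"): it also tells the client
	// library which charset is in use, which real_escape_string() depends on.
	// NOTE(review): MySQL's "utf8" is the 3-byte subset; switch to "utf8mb4" if
	// the schema uses it — confirm against the table definition.
	$mysqli->set_charset('utf8');

	// Why prepared statements: if a value such as '8 or 1=1' were concatenated
	// into "select * from stu where id=..." it would become part of the SQL text
	// and change the condition. With placeholders the SQL text is fixed here and
	// the values travel separately, so they are only ever treated as data.
	$stmt = $mysqli->prepare("INSERT INTO stu (name,age) VALUES (?, ?)");

	// Type string: one letter per placeholder — s = string, i = integer,
	// d = double, b = blob (e.g. 'sssd' = three strings followed by a double).
	// Parameters are bound by reference, so the variables may be assigned after
	// this call; the values present at execute() time are the ones sent.
	$stmt->bind_param('si', $name,$age);
	$name ="水上";
	$age = 30;

	// Run the statement; a failure (constraint violation, lost connection, ...)
	// raises an exception instead of being silently ignored.
	$stmt->execute();

	// Release the server-side statement handle and the connection.
	$stmt->close();
	$mysqli->close();
} catch (mysqli_sql_exception $e) {
	// Same output format as before (error code followed by error message).
	// NOTE(review): echoing the driver message is convenient while learning, but
	// on a reachable site it can reveal host, account or schema details — log it
	// server-side and show the visitor a generic message instead.
	exit('错误代码：'.$e->getCode()."错误信息：".$e->getMessage());
}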



























 ?>